Cleanup: remove unnecessary AnyP::PortCfg::contextMethod
authorAmos Jeffries <squid3@treenet.co.nz>
Mon, 29 Jun 2015 12:46:17 +0000 (05:46 -0700)
committerAmos Jeffries <squid3@treenet.co.nz>
Mon, 29 Jun 2015 12:46:17 +0000 (05:46 -0700)
Now that SSL/TLS server method is a fixed API function we do not have to
store it locally. Move the lookup to the SSL support code where it is
actually used.

src/anyp/PortCfg.cc
src/anyp/PortCfg.h
src/ssl/support.cc

index 26a10e3f2f880f7220c149121b3ddb7ae176a8af..31ab284e5d4a98a47dd10d6554d9c2c15fad57a4 100644 (file)
@@ -69,7 +69,6 @@ AnyP::PortCfg::PortCfg() :
     clientCA(),
     dhParams(),
     eecdhCurve(NULL),
-    contextMethod(),
     sslContextFlags(0),
     sslOptions(0)
 #endif
@@ -227,12 +226,6 @@ AnyP::PortCfg::configureSslServerContext()
         version = 0; // prevent options being repeatedly appended
     }
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-    contextMethod = TLS_server_method();
-#else
-    contextMethod = SSLv23_server_method();
-#endif
-
     const char *dhParamsFile = dhfile; // backward compatibility for dhparams= configuration
     safe_free(eecdhCurve); // clear any previous EECDH configuration
     if (tls_dh && *tls_dh) {
index 66670ebb432fe426fd6a6b14ce953537a5d7e682..fd3226e83bdca0b18898fb862afbd98cdbc5bdb1 100644 (file)
@@ -95,7 +95,6 @@ public:
     Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates
     Ssl::DH_Pointer dhParams; ///< DH parameters for temporary/ephemeral DH key exchanges
     char *eecdhCurve; ///< Elliptic curve for ephemeral EC-based DH key exchanges
-    Ssl::ContextMethod contextMethod; ///< The context method (SSL_METHOD) to use when creating certificates
     long sslContextFlags; ///< flags modifying the use of SSL
     long sslOptions; ///< SSL engine options
 #endif
index e2ea36d74c4b1532dae2571656a23aa7f157f28c..967ff3a5d6d4777db80418889bee1af4ec59b02d 100644 (file)
@@ -990,7 +990,11 @@ sslCreateServerContext(AnyP::PortCfg &port)
     if (!certfile)
         certfile = keyfile;
 
-    SSL_CTX *sslContext = SSL_CTX_new(port.contextMethod);
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+    SSL_CTX *sslContext = SSL_CTX_new(TLS_server_method());
+#else
+    SSL_CTX *sslContext = SSL_CTX_new(SSLv23_server_method());
+#endif
 
     if (sslContext == NULL) {
         ssl_error = ERR_get_error();
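Review bot: The `#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)` selection added above `if (sslContext == NULL)` is repeated verbatim in the `Ssl::createSSLContext` hunk further down, so the two context-creation paths can drift apart the next time the OpenSSL version check is touched. A single file-local helper that returns the method would keep both call sites identical, each becoming `SSL_CTX_new(serverContextMethod())`. The sketch below assumes the `Ssl::ContextMethod` typedef is still available after this cleanup; if it is removed, the helper's return type needs the same const handling that typedef provided. `sslCreateServerContext` starts and ends outside this hunk.

```cpp
// File-local: the one place that picks the version-flexible server method.
static Ssl::ContextMethod
serverContextMethod()
{
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
    return TLS_server_method();
#else
    return SSLv23_server_method();
#endif
}

// … unchanged: certfile/keyfile fallback in sslCreateServerContext …
    SSL_CTX *sslContext = SSL_CTX_new(serverContextMethod());
```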
@@ -1437,7 +1441,11 @@ sslGetUserCertificateChainPEM(SSL *ssl)
 SSL_CTX *
 Ssl::createSSLContext(Ssl::X509_Pointer & x509, Ssl::EVP_PKEY_Pointer & pkey, AnyP::PortCfg &port)
 {
-    Ssl::SSL_CTX_Pointer sslContext(SSL_CTX_new(port.contextMethod));
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+    Ssl::SSL_CTX_Pointer sslContext(SSL_CTX_new(TLS_server_method()));
+#else
+    Ssl::SSL_CTX_Pointer sslContext(SSL_CTX_new(SSLv23_server_method()));
+#endif
 
     if (!SSL_CTX_use_certificate(sslContext.get(), x509.get()))
         return NULL;
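Review bot: Nothing visible in this hunk limits the protocol versions of the context built in `Ssl::createSSLContext`. Both `TLS_server_method()` and `SSLv23_server_method()` are version-flexible, so the accepted range depends entirely on SSL options being set on the context after these lines. The function body continues outside the hunk, so this may already be handled. If it is not, `port.sslOptions` should be applied here too, so that this context does not accept protocol versions the port configuration has disabled. A comment above the `#if`, such as `// version-flexible method; protocol limits come from the SSL options applied below`, would record that dependency now that the method is no longer stored on the port.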